Downloaded 12 times
More Related Content
Similar to Azure APIM Presentation to understand about.pptx
Azure APIM Presentation to understand about.pptx
- 1.
- 2. 09:00-10:20 Understanding AzureAPI Management 05 min Introduction - Say hello. 15 min Presentation - Let's talk about API-M in general but also how it works 15 min Task 1 - Prerequisites - We use the portal and PowerShell inside the portal. 10 min Task 2 - Provisioning (Consumption) 20 min Task 3 - API import in 3 different ways 15 min Task 4 - Products and Subscriptions 10:20-10:40 Break 10:40-12:00 Policies in Azure API Management 20 min Presentation (and pre-requisites) 20 min Mocking 10 min Manipulating the response 20 min Conditions Agenda (160 min)
- 4. Frictionless consumption Self-service useronboarding Front door Single point of ingress Façade Hide backends from frontends Move backends without impacting frontends Re-architect backends without impact on frontends Expose a subset of backend capabilities Aggregate or slice backends into APIs Modernize legacy backends Decouple frontend developers with mocks Route Authenticate Authorize Throttle Transform Trace Meter Discover APIs Learn how to use APIs Try APIs without writing any code Request and receive access to APIs Download API specs, samples, and SDKs Interact with the API provider Get usage reports
- 5. What we cando with API Management
- 6. Enforce pre-access checks. Preventunauthorized access Prevent excessive usage Watch for abnormal activity
- 7.
- 9. Vipps Services Merchant Services subscribes subscribes contains subset of ServiceAPI Service API Service API Service API Service API Service API Service API Vipps App Merchants contains subset of Azure API Management Service API Endpoint 1 Endpoint 2 Users Products APIs
- 10. • Portal • ARM •REST • PowerShell • Azure .NET SDK • Terraform • Pulumi • Ansible
- 12.
- 13. > $apimContext New-AzApiManagementContext"VIPPS-SIT-rg" "VIPPSSITapi02" >
- 14. > Import-AzApiManagementApi $apimContext"Swagger" "/Users/sma/git/msbuild/files/2.20-swagger-canary.json" "canary" "canary"
- 15.
- 16.
- 17.
- 18. > Set-AzApiManagementPolicy $apimContext"canary -PolicyFilePath "/Users/sma/git/msbuild/files/2.20-canary.policy" >
- 21. Task 1: Setup(together) Make sure you can open a console from within the Azure Portal. Create then a resource group where you will deploy APIM to. Task 2: Provision an instance of Azure API Management Use PowerShell from the console in the Azure Portal. Provision an instance of APIM and make sure that whatever you will provision in this workshop will be deleted later together. Choose the purchasable Stock Keeping Unit (SKU) that bills per execution. Task 3: Deploy 3 APIs in 3 different ways In this task we'll deploy 3 APIs that we will need in the task that follows. 1.Deploy the famous conference API (https://conferenceapi.azurewebsites.net/?format=json ) to your APIM instance with PowerShell and test it from your favorite browser. 2.Deploy the petstore api (https://petstore.swagger.io/v2/swagger.json ) to your APIM instance directly from within the Azure Portal. 3.Create an own API called payments API with a basic GET endpoint directly from within in the Azure Portal. This API won't do much since it is missing an actual implementation yet. We will fix this in a later task. Task 4: Secure your APIs There are two clients. One client is an iOS developer that has written an App that shows Microsoft conferences. He needs only access to your conference API. The other client represents your own Android App that implements a pet store. This client need access to the petstore API and the payments API. In this task you will need to look at products.
- 26. In what languagedo we code policies?
- 27.
- 28. choose when condition BOOLEAN return-response set-statuscode 400 reason Bad Request set-header name Content-Type exists-action override value value set-header set-body set-body return-response when choose
- 30. Task 5: Mockthe payments API The payments API doesn't have an implementation yet. In this task we will mock its response with policies. To make it easy to change the response text later, we define the response text as a placeholder. We use named values for that. Task 6: Append header to the response Cutomers using our API Management instance will need to pay for the services they use. Once a month, they get a report about the usage per cost center. The problem for the customers today is that they don’t know what cost center the petstore belongs in. Let’s change that by appending a «CostCenter»-header to the response. The value can be anything. Task 7: Blacklist IPs We have one blacklisted IP address that we want to prevent from using all services coming through API Management. We will add a policy to our instance that will prevent this IP from accessing all of our services.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
- 39.
- 40.
- 42. Task 6: ConfigureAPIM to send logs to Event Hub We need to collect logs to event hub for further processing, therefore we need to do the following: 1. Create EventHub namespace with EventHub called apimlogs 2. Add new APIM EventHub logger and use EventHub created at #1 3. Configure that all inbound calls for all APIS send the following data to EventHub: timestamp (in UtcNow format), request id and operation name Task 7: Configure APIM to send logs to Application Insight To simplify debugging we can send APIM logs to Aplication Insight. Let’s create new Application Insight instance and configure APIM that all APIs logs request data to Application Insight.
Editor's Notes
- #5 So what are the benefits of deploying API Management in front of your services. This comes down to the essence of API Management. APIM creates a façade in front of your service clusters APIM serves as a front door and a single point of ingress to your backend services. It is a reverse proxy that routes incoming requests to your backend services. You can handle all of our cross-cutting concerns in API management. Since all traffic goes through APIM, Azure also collects telemetry, so you can trace requests and meter the usage. APIM also provides kind of self-service, so we can easily onboard developers that want to use our APIs.
- #8 We think APIM to be a very powerful and flexible tool with lots of great features. The most important job of APIM in Vipps is for composing APIs across services running in AKS, serverless or elsewhere. Another use is coarse grained access control. There is no need to allow traffic further into our systems if it can be stopped at the edge, but applications are ultimately responsible for their own access control. We also use it for rate limiting, helping protect the rest of our infrastructure and increasing overall reliability.
- #11 AzureRm
- #12 AzureRm
- #21 Swagger https://petstore.swagger.io/ Portal / Management portal SKU Versioning Groups Named Values VSCode extension #tmp-apim-ws-2
- #30 Where do I find some policy tutorials? What is the common way of debugging a policy? How does VS Code support policies? Where is the policy documentation?
- #33 AzureRm
- #34 AzureRm
- #35 AzureRm
- #36 https://portal.azure.com/#@vipps.no/resource/subscriptions/f8fd3f8e-49d5-4c8e-8d21-f7e0bbbde0df/resourceGroups/VIPPS-MT1-rg/providers/microsoft.insights/components/vipps-apim-mt/applicationMap
- #37 AzureRm
- #38 AzureRm
- #39 AzureRm
- #40 AzureRm
- #41 AzureRm